Investigating LOLBAS-Based Malware Using Hybrid Analysis: A Case Study of PowerShell-Driven Fileless Execution

  • Rosmiati Rosmiati Institut Teknologi Bacharuddin Jusuf Habibie
  • Muh. Ikhsan Amar Institut Teknologi Bacharuddin Jusuf Habibie
  • Muhammad Arham Arsyad Institut Teknologi Bacharuddin Jusuf Habibie
  • Hariani Hariani Universitas Islam Negeri Alauddin Makassar
Keywords: malware analysis, hybrid reverse engineering, LOLBAS, PowerShell, fileless execution

Abstract

This study aims to identify and understand the technical characteristics of the malware output.exe, obtained from the MalwareBazaar repository, through a hybrid reverse engineering approach. This method combines static and dynamic analyses to provide a comprehensive understanding of the malware’s internal structure, execution behavior, and evasion techniques. Static analysis revealed the invocation of system functions such as CreateProcessW and RegSetValueExA, as well as the use of syscall to execute PowerShell commands directly, indicating the implementation of the LOLBAS (Living off the Land Binaries and Scripts) technique. Dynamic analysis using CAPE Sandbox confirmed the malware’s actual behavior, including process injection into legitimate processes such as svchost.exe, launching powershell.exe for data compression, and establishing network communication via Discord Webhook for data exfiltration. Integration of both analyses shows that output.exe functions as an information stealer with fileless execution and advanced persistence mechanisms. These findings demonstrate that the hybrid analysis approach is effective in identifying modern malware that leverages legitimate system components to evade traditional signature-based detection methods.
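The behaviours the abstract attributes to output.exe (a hidden powershell.exe child used for archiving, a Run-key write via RegSetValueExA, injection into svchost.exe, and a Discord webhook callback) each leave a distinct trace in sandbox or endpoint telemetry. The script below is an added example, not code from the paper or from CAPE Sandbox: it runs simple triage rules over a handful of constructed events in a simplified JSON-like shape (the field names are assumptions, and real CAPE reports or Sysmon logs must be mapped onto them first), then checks whether the individual hits line up into the full stealer chain the abstract describes.

```python
"""Triage rules for the LOLBAS/fileless behaviours described in the abstract.

Added example. The event dictionaries are CONSTRUCTED for this demo and use a
simplified schema; they are not CAPE Sandbox output. The Discord URL token is a
placeholder, not a real webhook.
"""
import re
from typing import Dict, List

# Constructed sample telemetry (not real sandbox output).
SAMPLE_EVENTS: List[Dict] = [
    {"event": "process_create", "pid": 1204, "ppid": 880,
     "image": r"C:\Users\lab\output.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "output.exe"},
    {"event": "process_create", "pid": 1330, "ppid": 1204,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\lab\output.exe",
     "cmdline": ("powershell.exe -NoProfile -WindowStyle Hidden Compress-Archive "
                 "-Path C:\\Users\\lab\\AppData\\Local\\Temp\\stage "
                 "-DestinationPath C:\\Users\\lab\\AppData\\Local\\Temp\\data.zip")},
    {"event": "registry_set", "pid": 1204,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Updater", "data": r"C:\Users\lab\AppData\Roaming\output.exe"},
    {"event": "inject", "pid": 1204, "target_pid": 912,
     "target_image": r"C:\Windows\System32\svchost.exe"},
    {"event": "network_connect", "pid": 912,
     "url": "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN"},
    {"event": "process_create", "pid": 1500, "ppid": 880,
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]

# Parents from which an interactive PowerShell launch is unremarkable (assumption:
# tune this allowlist to the environment being monitored).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe", "services.exe"}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.IGNORECASE)
WEBHOOK_RE = re.compile(r"^https://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/", re.IGNORECASE)
COMPRESS_RE = re.compile(r"compress-archive|\[io\.compression\.zipfile\]", re.IGNORECASE)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events: List[Dict]) -> List[Dict]:
    """Apply one rule per behaviour class and return the findings in event order."""
    findings: List[Dict] = []
    for ev in events:
        kind = ev.get("event")
        if kind == "process_create" and basename(ev["image"]) == "powershell.exe":
            parent = basename(ev.get("parent_image", ""))
            cmd = ev.get("cmdline", "")
            reasons = []
            if parent not in INTERACTIVE_PARENTS:
                reasons.append(f"unusual parent {parent}")
            if COMPRESS_RE.search(cmd):
                reasons.append("archive creation on the command line")
            if HIDDEN_RE.search(cmd):
                reasons.append("hidden window")
            if reasons:
                findings.append({"rule": "lolbas_powershell", "pid": ev["pid"], "reasons": reasons})
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            findings.append({"rule": "run_key_persistence", "pid": ev["pid"], "data": ev["data"]})
        elif kind == "inject":
            findings.append({"rule": "process_injection", "pid": ev["pid"],
                             "target": basename(ev["target_image"])})
        elif kind == "network_connect" and WEBHOOK_RE.match(ev.get("url", "")):
            findings.append({"rule": "discord_webhook_exfil", "pid": ev["pid"]})
    return findings


def summarize(findings: List[Dict]) -> Dict[str, bool]:
    """Correlate single-rule hits into the stealer chain the abstract describes."""
    rules = {f["rule"] for f in findings}
    return {
        "fileless_staging": "lolbas_powershell" in rules,
        "persistence": "run_key_persistence" in rules,
        "full_chain": {"lolbas_powershell", "process_injection",
                       "discord_webhook_exfil"} <= rules,
    }


if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print(summarize(hits))
```

Each rule on its own is noisy (administrators do run PowerShell, legitimate software does write Run keys), which is why `summarize` only raises the full-chain verdict when the LOLBAS launch, the injection and the webhook callback co-occur; that mirrors the paper's point that the static indicators (CreateProcessW, RegSetValueExA) become convincing only once dynamic analysis shows them used together.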

Published
2026-04-30